IPSec over wireless to router

Archived from groups: comp.security.firewalls (More info?)

On Wed, 16 Jun 2004 09:27:12 +0100, Matt. wrote:
> Is it possible to set up two Win XP machines to use IPSec
> over the wireless connection to the router?
> The router and pcs are setup to use WEP plus locked down MAC
> addresses.
> Router is NETGEAR DG834G ADSL and wireless cards are
> Netgear.

Sure, just make sure you know a bit about IPSec terminology.
You use the MMC to configure IPSec in Windows XP. Google
for an introduction to IPSec and IKE, and browse this file:

http://www.air-lok.com/support/winxp_ipsecvpn.pdf

When configuring IPSec between two XP clients, you should
be able to accept most defaults and simply supply the
shared secret on both computers. I believe MMC even has
wizards that might actually do the work for you (but review
the config afterwards).

Oh, and if MMC lets you (I hope these options have improved
with SP2), use AES (or 3DES) and SHA1, not DES and MD5.


- Eirik
--
New and exciting signature!

Archived from groups: comp.security.firewalls (More info?)

On Wed, 16 Jun 2004 09:27:12 +0100, Matt. spoketh

>Is it possible to set up two Win XP machines to use IPSec
>over the wireless connection to the router?
>The router and pcs are setup to use WEP plus locked down MAC
>addresses.
>Router is NETGEAR DG834G ADSL and wireless cards are
>Netgear.
>
>Thanks,
>
>Matt.
>

It's a fairly simple task to create an IPSec policy to encrypt all the
traffic on your LAN, you just need to make exceptions for network
devices that doesn't talk IPSec, such as your router...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

Archived from groups: comp.security.firewalls (More info?)

"Joe" <asdf@asdf.com> wrote in message news:40d08c9b$1@news.microsoft.com...
> I think the first q would be why do you want IPSEC?
> I asume you would also run IPSEC on the whole network if you truely wanted
> security.
> Are you concerned about the WIFI not being secure ? If so you pretty much
> have it covered with Mac and Wep
>

Actually, not true. WEP is notoriously insecure, although WPA is much
better. As for MAC filtering, it is definitely nice, but don't let it lull
you into a false sense of security either. It certainly keeps casual hackers
away, but determined individuals can rather simply pull valid MAC's out of
the air from the valid traffic and then with the right gear they can simply
spoof one of these valid MAC values from their wireless client. Some
security pros will tell you that MAC filtering isn't even hardly worth the
time for an enterprise environment, but I still say that it is like locking
a door. Sure, a locksmith can pick most locks rather easily, but it still
keeps the casual vandal away.

This guy sounds pretty astute to me for wanting to try and implement IPSec
for all his wireless traffic. But as in most security endeavors it all boils
down to how much effort and expense you want to go to in locking something
down versus what your risk expectations are. There really aren't many
absolutes in the security biz.

Alec